Cyber Insurance In India

With the rise of digital technologies and platforms, cyber threats such as data breaches, social media scams, and ransomware have increased. In India, CPR reported an 18% increase in weekly cyber attacks in Q1, ’23. 

In such tumultuous times, cyber insurance has become important to mitigate these risks and protect themselves against potential losses.

What is Cyber Insurance? 

Cyber insurance is a policy designed to protect individuals and businesses against losses from cyber attacks or data breaches. They usually cover a range of costs associated with a cyber attack, including investigating the attack, restoring lost data, and providing notification to affected parties. 

Why does India need to adopt Cyber Insurance?

In India, cyber threats loom large, with each organization facing an average of 2100 attacks weekly in 2023.   

The threats have risen in recent years, driven by the increasing use of digital technologies, a growing number of internet users, and a lack of cybersecurity awareness. 

Here are some of the most common cyber threats faced by individuals and businesses in India:

1. Malware: Malware is a software designed to harm computer systems or steal sensitive information. 
2. Ransomware: Ransomware is malware that locks down a victim’s computer or files and demands payment for the data release.
3. Phishing: Phishing attacks involve using fraudulent emails, text messages, or websites to trick users into giving away PII such as passwords or credit card numbers. 
4. Social engineering: Social engineering attacks involve manipulating human behavior to gain access to sensitive information or computer systems. Examples include pretexting, baiting, and quid pro quo attacks. 
5. Cyber espionage: The use of hacking techniques to steal sensitive information from government organizations, businesses, or individuals. 

What are the various types of cyber insurance available in India?

Cyber insurance is still a relatively new concept in India, and as of now, the penetration of cyber insurance in India is low. However, there is a growing awareness of insurance in organizations. According to a recent report by PwC India and the Data Security Council of India (DSCI), India’s cyber insurance market is expected to grow at a CAGR of 35% from 2021 to 2025. 

Cyber insurance policies are classified into various types as per the coverage they provide: 

A. Data breach coverage – Data breach coverage can help cover the costs associated with investigating the breach, notifying affected parties, providing credit monitoring services, and restoring lost data.

In India, ICICI Lombard is a prominent company covering this breach and business interruption coverage. 

B. Cyber extortion coverage – Cyber extortion is an attack where attacker threatens to harm an individual or business unless the ransom is paid. In these attacks, the attacker may threaten to release sensitive information, disable computer systems, or launch a distributed denial of service (DDoS) attack.

One example of an Indian insurance company that provides cyber extortion coverage is HDFC ERGO. Their cyber insurance policy covers losses resulting from cyber extortion, including the costs associated with ransom payments, hiring a security consultant, and crisis management expenses.

C. Business interruption coverage – Business interruption coverage can provide financial assistance to businesses that experience a cyber attack causing their systems to go offline and preventing normal business operations.

Other common insurances include Liability coverage, Crisis management coverage, Legal coverage, and Social engineering fraud coverage. 

Cyber Insurance Market in India 

Globally, the cyber insurance market is expected to grow at a CAGR of 27% from 4.2 billion USD to 22.8 billion USD from 2017 to 2024. In India, it remains at a nascent stage. However, with growing awareness, the penetration has seen a substantial Y-o-Y increase. 

As Mantra Labs recently worked with India’s largest private insurance company to improve their cyber insurance journey, we understood that the key focus was to be on ensuring customers understand the risks involved and the impact of various benefits/add-ons provided. 

In order to improve the offtake, insurers need to focus on customers’ digital experience while selecting an insurance plan. 

Some of the prominent insurance companies offering cyber insurance include – 

1. HDFC Ergo
2. Bajaj Allianz
3. ICICI Lombard
4. Tata AIG
5. Reliance General

How to Select the Right Cyber Insurance Policy in India 

Choosing the right cyber insurance policy is a key decision for businesses in India. Here are some factors to keep in mind:

1. Coverage: Businesses should look for a policy that covers a range of cyber risks, including data breaches, cyber extortion, and business interruption.
2. Policy limits: It’s essential to understand the limits of your cyber insurance policy, including the amount of coverage it provides and any deductibles or exclusions that may apply. 
3. Cost: Cyber insurance policies can vary widely in price, so it’s critical to consider the cost of the policy to the coverage it provides. Look for a policy that offers good value for the cost.
4. Reputation: When choosing a cyber insurance policy, it’s essential to consider the insurance provider’s reputation. Companies should prefer a credible insurer with a good customer service team.
5. Risk management services: Many cyber insurance policies come with risk management services and resources that can help businesses identify and mitigate cyber risks. Look for a policy that includes these types of services.
6. Claims process: Finally, it’s key to understand the claims process for your cyber insurance policy. 

Choosing the right cyber insurance policy requires careful consideration of these factors to ensure your business is adequately protected against the growing threat of cyber attacks.

India accounts for just 5% of the global cyber insurance market. However, the future is promising.

As the market for cyber insurance in India grows, we expect to see more innovative policies and risk management services to help businesses prevent and respond to cyber incidents.